# attack requirements:
# 1) vulnerable version (obviously!): 2.11.x before 2.11.9.5
#    and 3.x before 3.1.3.1 according to PMASA-2009-3
# 2) it *seems* this vuln can only be exploited against environments
#    where the administrator has chosen to install phpMyAdmin following
#    the *wizard* method, rather than manual method: http://snipurl.com/jhjxx
# 3) administrator must have NOT deleted the '/config/' directory
#    within the '/phpMyAdmin/' directory. this is because this directory is
#    where '/scripts/setup.php' tries to create 'config.inc.php' which is where
#    our evil PHP code is injected 8)
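# Defender-side check for the conditions listed above, as an added example that
# is not part of the original script: it reports whether a local phpMyAdmin tree
# is in the stated version range and still ships 'config/' and 'scripts/setup.php'.
# Function names are hypothetical, and the install root and version string are
# assumed to be supplied by the operator.

```python
import os
import re
import sys

# First fixed release per branch, taken from the ranges stated in the header above.
FIRST_FIXED = {(2, 11): (2, 11, 9, 5), (3,): (3, 1, 3, 1)}


def parse_version(text):
    """Turn '2.11.9.4' or '3.1.3-rc1' into a zero-padded 4-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:4]
    if not nums:
        raise ValueError("no version number in %r" % text)
    return tuple(nums + [0] * (4 - len(nums)))


def version_affected(text):
    """True if the version falls in 2.11.x < 2.11.9.5 or 3.x < 3.1.3.1."""
    v = parse_version(text)
    for branch, fixed in FIRST_FIXED.items():
        if v[:len(branch)] == branch:
            return v < fixed
    return False


def audit_install(root, version):
    """Check the version range and leftover setup artifacts under `root`."""
    findings = {
        "version_affected": version_affected(version),
        "setup_script_present": os.path.isfile(
            os.path.join(root, "scripts", "setup.php")),
        "config_dir_present": os.path.isdir(os.path.join(root, "config")),
    }
    # Flag the install only when every condition from the header holds.
    findings["needs_action"] = all(findings.values())
    return findings


if __name__ == "__main__":
    # Usage: audit.py <phpMyAdmin root> <version string>
    for key, value in audit_install(sys.argv[1], sys.argv[2]).items():
        print("%-22s %s" % (key, value))
```

# Removing the leftover 'config/' directory after setup and upgrading past the
# fixed releases each clear one of the flagged conditions.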